Attention—in some form or capacity, we humans (sorry Googlebot if you are indexing this) seek and crave attention. As infants we crave attention from our parents, as children our friends, and as teens and adults, usually, from our peers, or those who have a common interest or understanding with us. Correspondingly, we all like to brag about our accomplishments to a certain extent. This is why social media has become so popular worldwide: it provides an audience for those who like to be heard.
In the old days (before the Internet became commonplace), when hackers compromised a computer, it was rather difficult to show off their feats to their friends. Sure, they could talk endlessly about their triumphs, but how many times would it take for Mom, Dad, Brother, and Sister to understand, especially if they couldn’t tell the difference between a baud rate and a bald RAT?
So, what’s the point of doing things that only a few people can do if you don’t have an audience to brag to? As the saying goes, a picture is worth a thousand words, or in this case a video is worth even more.
In one video, an attacker declares their intentions and actions to the world. This blog examines some of the content from the video.
RATS I’ve been infected!
Those who are not in the computer industry may not be aware of the term RAT (Remote Access Tool). Nor may they be aware that with a little social engineering, their computers can be compromised and fully controlled by someone remotely over the Internet. A RAT is software that provides an interface allowing a person to remotely control another computer from any location in the world. As you may have guessed, a RAT has a lot of legitimate uses, along with a lot of nefarious ones. This post does not go into the delivery mechanisms of these RATs, but there are a number of creative ways (using an exploit, vulnerability, or social engineering) for them to be installed.
With the advent of Web 2.0 and streaming media, there are various videos on the Internet poking fun at “slaves/victims,” or individuals who have been compromised. Mostly, these individuals have been compromised by having a RAT installed on their computer, whereby the hacker has the capability to perform the following actions:
- Monitor all computer and Internet usage
- Monitor audio (through the microphone)
- Monitor video (through the webcam)
- Turn the webcam on and off and monitor usage in real time
Furthermore, if a computer is on and connected to the Internet, an attacker may have full control of the computer.
The next set of images shows examples of users who have been recorded by the hacker. The users are mocked, and the recordings are ultimately uploaded to YouTube.
The following image portrays an example from a video of a user who is clearly in distress—puzzled and confused as to what is going on.
In the following example, we are initially presented with a view of the attacker’s desktop and a window (top right) with seven computers that he can access.
The video goes on to show the desktops of several compromised computers and then displays messages describing the actions performed by the attacker.
These examples provide some insight into the minds of these devious individuals. To be sure that you and your computer stay safe and do not become RAT-infested, ensure that your Norton antivirus definitions are always up to date.
To ensure that you stay RAT-free:
- Only install applications that are deemed safe/trustworthy. Try reading reviews of the program before installing. Also, if installing a program, always make sure that you download the program from a reputable source.
- Always use caution and common sense when asked to click on a link or to download and install programs through email and instant message applications. Never trust an anonymous email link or IM link. This goes for links from people you trust as well. They may not be aware that they are linking you to a bad program or website.
- If you receive a message telling you to update a popular, well-known application from a third-party site, steer clear of it. ALWAYS install the update from the software vendor directly.
Always practice safe computing and use common sense. A bit of caution always goes a long way, especially over the Internet.